Nortel Networks 2300 Switch User Manual


 
Configuring and managing security ACLs 433
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Filtering based on DSCP values
You can configure an ACE to filter based on a packet’s Differentiated Services Code Point (DSCP) value, and
change the packet’s CoS based on the DSCP value. A CoS setting marked by an ACE overrides the CoS
setting applied from the switch’s QoS map.
Table 2 lists the CoS values to use when reassigning traffic to a different priority. The CoS determines the AP
forwarding queue to use for the traffic when sending it to a wireless client.
Using the dscp option
The easiest way to filter based on DSCP is to use the dscp codepoint option. The following commands remap
IP packets from IP address 10.10.50.2 that have DSCP value 46 to have CoS value 7 when they are forwarded
to any 10.10.90.x address on Distributed AP 4:
WSS# set security acl ip acl2 permit cos 7 ip 10.10.50.2 0.0.0.0 10.10.90.0 0.0.0.255 dscp 46
success: change accepted.
WSS# set security acl ip acl2 permit any
success: change accepted.
WSS# commit security acl acl2
success: change accepted.
WSS# set security acl map acl2 ap 4 out
success: change accepted.
Using the precedence and ToS options
You also can indirectly filter on DSCP by filtering on both the IP precedence and IP ToS values of a packet.
However, this method requires two ACEs. To use this method, specify the combination of precedence and ToS
values that is equivalent to the DSCP value. For example, to filter based on DSCP value 46, configure an ACL
that filters based on precedence 5 and ToS 12. (To display a table of the precedence and ToS combinations for
each DSCP value, use the show qos dscp-table command.)
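The following is an added example, not taken from the Nortel guide, that derives the precedence and ToS combinations for a DSCP value and checks which header bytes each combination matches. It assumes the RFC 1349 layout of the IP ToS byte (3-bit precedence, 4-bit ToS, 1 unused bit); the function names are hypothetical. Under that assumption the lowest ToS bit lies outside the 6-bit DSCP field, so each DSCP value corresponds to two ToS values, which is consistent with the two ACEs mentioned above.

```python
# Added example: split a DSCP code point into IP precedence / ToS pairs.
# Assumption: RFC 1349 byte layout = precedence(3) | ToS(4) | unused(1).
# DSCP occupies the top 6 bits, so the lowest ToS bit is not part of it.

def dscp_to_precedence_tos(dscp):
    """Return (precedence, [tos, tos+1]) equivalent to a 6-bit DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be in the range 0-63")
    precedence = dscp >> 3            # top three DSCP bits
    tos_base = (dscp & 0x07) << 1     # low three DSCP bits, shifted into ToS
    return precedence, [tos_base, tos_base | 1]

def fields_from_byte(byte):
    """Decode one IP ToS/DS header byte under both interpretations."""
    if not 0 <= byte <= 255:
        raise ValueError("header byte must be in the range 0-255")
    return {
        "dscp": byte >> 2,
        "precedence": byte >> 5,
        "tos": (byte >> 1) & 0x0F,
    }

def bytes_matched(precedence, tos):
    """Header byte values that a single precedence+ToS filter would match."""
    return [
        b for b in range(256)
        if fields_from_byte(b)["precedence"] == precedence
        and fields_from_byte(b)["tos"] == tos
    ]

def pair_covers_dscp(dscp):
    """True if the two precedence/ToS filters match exactly this DSCP."""
    precedence, tos_values = dscp_to_precedence_tos(dscp)
    wanted = {b for b in range(256) if b >> 2 == dscp}
    matched = set()
    for tos in tos_values:
        matched.update(bytes_matched(precedence, tos))
    return matched == wanted

if __name__ == "__main__":
    prec, tos_values = dscp_to_precedence_tos(46)
    print("DSCP 46 -> precedence", prec, "ToS", tos_values)
    for tos in tos_values:
        print("  precedence", prec, "tos", tos, "matches",
              [hex(b) for b in bytes_matched(prec, tos)])
    # A filter on only one ToS value misses half of the DSCP 46 bytes.
    print("all 64 DSCP values covered by their pair:",
          all(pair_covers_dscp(d) for d in range(64)))
```

Compare the result with the output of show qos dscp-table on the switch before relying on it in an ACL.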
Table 4: Class-of-Service (CoS) Packet Handling

WMM Priority Desired    CLI CoS Value to Enter
Background              1 or 2
Best effort             0 or 3
Video                   4 or 5
Voice                   6 or 7